apiVersion: v1 kind: Pod metadata: annotations: kubectl.kubernetes.io/default-container: prometheus creationTimestamp: "2026-02-26T22:04:56Z" generateName: prometheus-kube-prometheus-stack-prometheus- labels: app.kubernetes.io/instance: kube-prometheus-stack-prometheus app.kubernetes.io/managed-by: prometheus-operator app.kubernetes.io/name: prometheus app.kubernetes.io/version: 2.51.2 apps.kubernetes.io/pod-index: "0" controller-revision-hash: prometheus-kube-prometheus-stack-prometheus-569f47dd54 operator.prometheus.io/name: kube-prometheus-stack-prometheus operator.prometheus.io/shard: "0" prometheus: kube-prometheus-stack-prometheus statefulset.kubernetes.io/pod-name: prometheus-kube-prometheus-stack-prometheus-0 name: prometheus-kube-prometheus-stack-prometheus-0 namespace: monitoring ownerReferences: - apiVersion: apps/v1 blockOwnerDeletion: true controller: true kind: StatefulSet name: prometheus-kube-prometheus-stack-prometheus uid: 6a69fb04-73c0-4236-941e-b336375f90b9 resourceVersion: "5412" uid: ada18d24-6ad3-4520-9ccd-9413739ed45e spec: automountServiceAccountToken: true containers: - args: - --web.console.templates=/etc/prometheus/consoles - --web.console.libraries=/etc/prometheus/console_libraries - --config.file=/etc/prometheus/config_out/prometheus.env.yaml - --web.enable-lifecycle - --web.external-url=http://prometheus.199-204-45-41.nip.io/ - --web.route-prefix=/ - --storage.tsdb.retention.time=10d - --storage.tsdb.path=/prometheus - --storage.tsdb.wal-compression - --web.config.file=/etc/prometheus/web_config/web-config.yaml image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 6 httpGet: path: /-/healthy port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 name: prometheus ports: - containerPort: 9090 name: http-web protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 5 successThreshold: 1 timeoutSeconds: 3 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true startupProbe: failureThreshold: 60 httpGet: path: /-/ready port: http-web scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 3 terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config_out name: config-out readOnly: true - mountPath: /etc/prometheus/certs name: tls-assets readOnly: true - mountPath: /prometheus name: prometheus-kube-prometheus-stack-prometheus-db subPath: prometheus-db - mountPath: /certs name: certs - mountPath: /etc/prometheus/secrets/kube-prometheus-stack-etcd-client-cert name: secret-kube-prometheus-stack-etcd-client-cert readOnly: true - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /etc/prometheus/web_config/web-config.yaml name: web-config readOnly: true subPath: web-config.yaml - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x75l6 readOnly: true - args: - --listen-address=:8080 - --reload-url=http://127.0.0.1:9090/-/reload - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imagePullPolicy: IfNotPresent name: config-reloader ports: - containerPort: 8080 name: reloader-web protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x75l6 readOnly: true - args: - --template=/config/certificate-template.yml - --ca-path=/certs/ca.crt - --cert-path=/certs/tls.crt - --key-path=/certs/tls.key env: - name: POD_UID valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.uid - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: POD_IP valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0 imagePullPolicy: IfNotPresent name: pod-tls-sidecar resources: {} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /config name: kube-prometheus-stack-prometheus-tls - mountPath: /certs name: certs - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x75l6 readOnly: true - envFrom: - secretRef: name: kube-prometheus-stack-prometheus-oauth2-proxy image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /ping port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: oauth2-proxy ports: - containerPort: 8081 name: oauth2-proxy protocol: TCP - containerPort: 8082 name: oauth2-metrics protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /ready port: oauth2-proxy scheme: HTTP periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 resources: limits: cpu: 100m memory: 300Mi requests: cpu: 100m memory: 300Mi terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/ssl/certs/ca-certificates.crt name: ca-certificates readOnly: true - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x75l6 readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostname: prometheus-kube-prometheus-stack-prometheus-0 initContainers: - args: - --watch-interval=0 - --listen-address=:8080 - --config-file=/etc/prometheus/config/prometheus.yaml.gz - --config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yaml - --watched-dir=/etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 command: - /bin/prometheus-config-reloader env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: SHARD value: "0" image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imagePullPolicy: IfNotPresent name: init-config-reloader ports: - containerPort: 8080 name: reloader-web protocol: TCP resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /etc/prometheus/config name: config - mountPath: /etc/prometheus/config_out name: config-out - mountPath: /etc/prometheus/rules/prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - mountPath: /var/run/secrets/kubernetes.io/serviceaccount name: kube-api-access-x75l6 readOnly: true nodeName: instance nodeSelector: openstack-control-plane: enabled preemptionPolicy: PreemptLowerPriority priority: 0 restartPolicy: Always schedulerName: default-scheduler securityContext: fsGroup: 2000 runAsGroup: 2000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault serviceAccount: kube-prometheus-stack-prometheus serviceAccountName: kube-prometheus-stack-prometheus shareProcessNamespace: false subdomain: prometheus-operated terminationGracePeriodSeconds: 600 tolerations: - effect: NoExecute key: node.kubernetes.io/not-ready operator: Exists tolerationSeconds: 300 - effect: NoExecute key: node.kubernetes.io/unreachable operator: Exists tolerationSeconds: 300 volumes: - name: prometheus-kube-prometheus-stack-prometheus-db persistentVolumeClaim: claimName: prometheus-kube-prometheus-stack-prometheus-db-prometheus-kube-prometheus-stack-prometheus-0 - name: config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus - name: tls-assets projected: defaultMode: 420 sources: - secret: name: prometheus-kube-prometheus-stack-prometheus-tls-assets-0 - emptyDir: medium: Memory name: config-out - name: secret-kube-prometheus-stack-etcd-client-cert secret: defaultMode: 420 secretName: kube-prometheus-stack-etcd-client-cert - configMap: defaultMode: 420 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 name: prometheus-kube-prometheus-stack-prometheus-rulefiles-0 - name: web-config secret: defaultMode: 420 secretName: prometheus-kube-prometheus-stack-prometheus-web-config - hostPath: path: /etc/ssl/certs/ca-certificates.crt type: "" name: ca-certificates - emptyDir: medium: Memory name: certs - configMap: defaultMode: 420 name: kube-prometheus-stack-prometheus-tls name: kube-prometheus-stack-prometheus-tls - name: kube-api-access-x75l6 projected: defaultMode: 420 sources: - serviceAccountToken: expirationSeconds: 3607 path: token - configMap: items: - key: ca.crt path: ca.crt name: kube-root-ca.crt - downwardAPI: items: - fieldRef: apiVersion: v1 fieldPath: metadata.namespace path: namespace status: conditions: - lastProbeTime: null lastTransitionTime: "2026-02-26T22:05:25Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2026-02-26T22:06:03Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2026-02-26T22:06:03Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2026-02-26T22:05:02Z" status: "True" type: PodScheduled containerStatuses: - containerID: containerd://78abc53113a46bc641bfedec8594e9e289da4bf7effff5c130df3d808486a88c image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:d0e5f8d12f8be6223c93bd13b6d2729ed8f1ae13a61ace8cd1eea3d165666140 lastState: {} name: config-reloader ready: true restartCount: 0 started: true state: running: startedAt: "2026-02-26T22:05:43Z" - containerID: containerd://c1c4c7b03006045f964e454876c5dd18f0cda763fa86ffca8ed817eb7edb87c8 image: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy:v7.6.0 imageID: harbor.atmosphere.dev/quay.io/oauth2-proxy/oauth2-proxy@sha256:dcb6ff8dd21bf3058f6a22c6fa385fa5b897a9cd3914c88a2cc2bb0a85f8065d lastState: {} name: oauth2-proxy ready: true restartCount: 0 started: true state: running: startedAt: "2026-02-26T22:05:51Z" - containerID: containerd://27c72f913ee5dbfba8df330e4da03d8fd7146faa6e8c3d594d178e6440838922 image: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar:v1.0.0 imageID: harbor.atmosphere.dev/ghcr.io/vexxhost/pod-tls-sidecar@sha256:7a030f8b86c1503006e7d82312a3c8e98769c3b8e3a2e834aee3c60df184161a lastState: {} name: pod-tls-sidecar ready: true restartCount: 0 started: true state: running: startedAt: "2026-02-26T22:05:43Z" - containerID: containerd://22e873aa4fbc992f154b554d2be7f41d223a195c46f9d2a0231dd25d45a0f08f image: harbor.atmosphere.dev/quay.io/prometheus/prometheus:v2.51.2 imageID: harbor.atmosphere.dev/quay.io/prometheus/prometheus@sha256:4f6c47e39a9064028766e8c95890ed15690c30f00c4ba14e7ce6ae1ded0295b1 lastState: {} name: prometheus ready: true restartCount: 0 started: true state: running: startedAt: "2026-02-26T22:05:42Z" hostIP: 199.204.45.41 initContainerStatuses: - containerID: containerd://21ab9e3414a34bdf7234415085ac396f1b54a2fa554037c2161bb5bf4072ce62 image: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader:v0.73.0 imageID: harbor.atmosphere.dev/quay.io/prometheus-operator/prometheus-config-reloader@sha256:d0e5f8d12f8be6223c93bd13b6d2729ed8f1ae13a61ace8cd1eea3d165666140 lastState: {} name: init-config-reloader ready: true restartCount: 0 started: false state: terminated: containerID: containerd://21ab9e3414a34bdf7234415085ac396f1b54a2fa554037c2161bb5bf4072ce62 exitCode: 0 finishedAt: "2026-02-26T22:05:23Z" reason: Completed startedAt: "2026-02-26T22:05:23Z" phase: Running podIP: 10.0.0.70 podIPs: - ip: 10.0.0.70 qosClass: Burstable startTime: "2026-02-26T22:05:02Z"